Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: comparison ? (Score 1) 111

by Tom (#49167509) Attached to: Unreal Engine 4 Is Now Free

Anyone who knows both - how does Unreal compare to Unity? I mean from a developer perspective. I've been using Unity since late 1.x / early 2.x days, and one thing that I like it for is that compared to the other engines I know from that time (e.g. Torque), it was always very easy to use and develop with, especially in the early development phases when you're prototyping and want to see some results, fast, so you can test basic gameplay and mechanics.

How does Unreal compare?

Comment: Re: the forces working against us (Score 1) 307

by Tom (#49160209) Attached to: Moxie Marlinspike: GPG Has Run Its Course

It's not a cop-out.

It's a cop-out if you say "laziness" as if it explains anything. That's like the police finding a crime scene and concluding that the gun killed the man, and then packing up their things and going home.

We need to figure out why people are lazy and check if we can address it. Maybe we're making it too difficult?

Here's an example: Backups. Even I didn't have a good backup regime until Apple came up with Time Machine. It's just too much stupid work. But someone sat his ass down and asked the right question. And that's not "why are these fuckers so fucking lazy?", but "how can we make it easier for the users?".

they usually see as *an obstacle* to fun

That exactly is the point. If people see our work as an obstacle - maybe every once in a while we should climb down from our high horse and admit that they could be right?

Threema is only $1 more than WhatsApp. Pop quiz: how many people buy these over the insecure alternatives? Now you know how much the users care. ;)

Messaging apps are driven purely by networks. If all your friends switched to Threema, you'd do it too. If nobody does it, you're unlikely to be the first. Security doesn't matter enough to lose contact with all your friends.

Comment: Re:who cares ? (Score 2) 184

by Tom (#49157551) Attached to: Google Taking Over New TLDs

If I am looking for Foobar Inc's website, and I see, I can be pretty sure that is legitimate.

That's not been true for a decade. Due to overloading (i.e. multiple organisations, same name), the Foobar Inc you are looking for could be at - but it could also be at or or or or whatever domain name was still available when they finally went on the Internet.

Comment: Re:Greedy bastards. (Score 1) 184

by Tom (#49157549) Attached to: Google Taking Over New TLDs

It highlights a problem with the DNS system since ICANN took over.

We used to have a logical, hierarchical system. Any company would be under .com and any university under .edu -- then it broke apart and you would find anything under .com and anyone who couldn't get the .com name under .org, .net or whatever.

Then ICANN came along and greed won. Now you'll find anyone under anything, provided they paid for it. The TLD part has become entirely meaningless as it does not convey meaning anymore. ".dev" does not actually mean anything. You might think it means something if you associate those three letters with a meaning, but actually it only means "owned by Google".

We should just ditch the .tld entirely and that's it.

Comment: Re:And no one cares (Score 1) 184

by Tom (#49157541) Attached to: Google Taking Over New TLDs

Sarcasm aside, professionals use the right tool for a job. Not necessarily the most complex or expensive or technical. A professional knows when to use the combo-hyper-pro-magic-machine as well as when to take a hammer or a screwdriver.

URLs have a reason to exist, and they will. The same way that IPs have a reason to exist and will, even though we rarely use them today. But 10 years ago, I knew the IPs of all my servers by heart. Today I need them rarely, but sometimes I do and I know where to find them. Today I know all my domains by heart. Maybe in 10 years I will use them rarely, but when I do, I know how to do it.

Comment: Re:this is one more reason (Score 1) 135

by Tom (#49157531) Attached to: Under US Pressure, PayPal Stops Working With Mega

guilty until proven innocent.

If you have the long laundry list of crimes that Kimble has, and everyone with any interest in the subject is wondering how you're still not in jail, then yes, that is the proper approach.

Don't get me wrong, in a court of law, I'm all for the innocence assumption. But outside, in the real world, when you're dealing with a career criminal then for your own safety you should assume that he's not suddenly turned into a little angel just because you are such a sweety to him.

Comment: Re:git blame (Score 1) 307

by Tom (#49152659) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Three years ago, I tried to start something called the Human Security Initiative. Not by accident acrynomically close to Human Computer Interfaces.

This is desperately needed. We need to sit our asses and oh-so-smart brains down, get some designers and psychologist into the room, and talk about how to properly design security, not just engineer it.

Comment: Re:git blame (Score 1) 307

by Tom (#49152651) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Top labs are *still* researching how to replace passwords while maintaining security.

I know. I've tried my own hand on this topic, to no avail. It's really hard.

And yes, entering your password once is a very big progress.

That's true except all kinds of people have learned to use GPG.

If you have to, or really, really want to, you will learn to use the worst tool in the history of mankind. But we should think about people who have no such drive.

The real reason people rarely use it is pure laziness

That's a cop-out. Another cheap excuse. You're blaming the user and stopping there. Let me help you with some cognitive dissonance: The same users that you call "lazy" spend an hour a day clicking on a screen to plant FarmVille crops. The most useless and boring activity ever invented. If Zynga can get them to click on some pixels repeatedly, twenty times a day, why can't we get them to click on a button once?

Comment: problem (Score 1) 388

by Tom (#49152641) Attached to: Verizon Posts Message In Morse Code To Mock FCC's Net Neutrality Ruling

it insisted that the very idea of Net neutrality squished its First and Fifth Amendment right

There's your problem right there. Once we grow three brain cells and understand that corporations are not people, and while they deserve rights, they don't deserve the same rights. I'm not even saying higher or lower, just saying there's a fucking difference, acknowledge it!

Comment: Re:git blame (Score 1) 307

by Tom (#49145963) Attached to: Moxie Marlinspike: GPG Has Run Its Course

I'm not saying users are completely blameless littel angels. But I'm so sick and tired of this reflex of blaming everything on stupid users.

Some comedian said it very nicely about another topic: When a house burns down, and the firefighters put out the flames, they don't just go home and write a report saying "fire destroyed the house". They go in and sift through the debris and try to figure out what caused the fire.

In IT we largely don't do that. We treat users as mystical black boxes and root causes and once we've found the user somewhere in the chain of causality, we stop. We don't ask ourselves why the user made this mistake or why the users don't seem to want security. We say "stupidity" the same way ancient map makers put "here be dragons" on their maps.

And that, I say, is stupid. We should go in there and figure out what actually is in that white spot. Why did the user make this mistake? Why do they fall for phishing? Why do they want speed over security? And a boilerplate "because they're stupid" is not an acceptable answer.

We're so smart (or so we think), but we can't figure out how to make security desirable, unobtrusive and a positive experience. Really?

Comment: Re:git blame (Score 1) 307

by Tom (#49145943) Attached to: Moxie Marlinspike: GPG Has Run Its Course

You can lead a horse to water but you can't make him drink.

cheap excuse

People are too lazy to type in a password in order to send mail.

Then make it not necessary to type in a password. Even I don't understand why I should type a password for every mail I send.

Yes I do use GPG its the best thing we have going right now for the average person to protect his data.

No, it's not. It might be technically the best tool, but if it's unusable, then in sum total, it's not. There are many factors that go into these equations, and we techies are sometimes blind to some of them.

Comment: easy (Score 1) 347

by Tom (#49144853) Attached to: The Programmers Who Want To Get Rid of Software Estimates

But it's so easy to make a good estimate, takes less than 10 seconds:

Take your instinctive estimate.
Double it.
Increase units by one (if you think "hours", make it days. If you think "weeks" make it months, etc.)

So if you think it'll take 2-3 days, tell your manager it'll be ready in 4-6 weeks. Don't forget that in management school, they teach these fuckers to under-promise and over-deliver. He understands.

Comment: Re:Tilting at Windmills (Score 2) 347

by Tom (#49144837) Attached to: The Programmers Who Want To Get Rid of Software Estimates

From a human psychology standpoint he would rather know that it will be done in 3 days, barring delays, than not know when it will be done and have it in two hours. I personally think that is a dumb way of doing things, but I am the outlier, not the director.

The psychological issue is that you don't know, but you have a hunch, you have some insight. You know it's probably going to be a few hours.

But for non-techies, all this stuff is a total blackbox. When you say "I don't know" they panic, because for them that means anything from a day to a month or maybe infinity. Uncertainty is a horrible psychological state and people try to avoid it. It's an instinct. When you don't know if that shadow is a monkey or a lion, it's better to panic just in case.

By saying "three days", you give him certainty. Now he knows the shadow isn't a lion.

Comment: Re:Not surprised (Score 2) 306

by Tom (#49134931) Attached to: Reddit Imposes Ban On Sexual Content Posted Without Permission

Some people will applaud this action, saying that no one should have their private pictures posted without their consent. Some people will call this an issue of right to privacy. Those people are misguided.

Explain how, exactly.

There are things that you just don't do (like, say hitting a woman).

Unfortunately, if the population is large and anonymous enough, you always have someone who does something that you shouldn't do. That's when we need a law. You understand these laws don't fall from the sky, yes? They're the written down rules of society. And society needs rules, otherwise it's not a society, it's just a mob.

And posting sex pictures of other people without their consent is just the kind of stuff that you don't do. And if people don't get it, you have to tell them.

Comment: Re:git blame (Score 4, Insightful) 307

by Tom (#49127323) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Blame the users mostly for not giving a fuck about encryption.

That is stupid. It's like saying blame the drivers for not giving a fuck about fuel injection. Users should not have to care about encryption. They should care about having secure and private communication, and how to make that happen is our job, it's why we are being paid more than burger flippers.

Nothing is finished until the paperwork is done.